bumburumbi writes "An unauthorised computer, apparently running encrypted software, was found hidden inside an unoccupied office in the Icelandic Parliament, Althingi, connected to the internal network. According to the Reykjavik Grapevine article, serial numbers had been removed and no fingerprints were found. The office had been used by substitute MPs from the Independence Party and The Movement, the Parliamentary group of Birgitta Jonsdottir, whose Twitter account was recently subpoenaed by US authorities. The Icelandic daily Morgunbladid, under the editorship of Mr David Oddsson, former Prime Minister and Central Bank chief, has suggested that this might be an operation run by Wikileaks. The reporter for the Reykjavik Grapevine, Mr Paul Nikolov is a former substitute MP, having taken seat in Parliament in 2007 and 2008."

My favorite is the opposite. It was a unix server at a university that no one knew where it was physically, but that was happily doing its thing for the network. Eventually they found it by following the network cabling and knocking down a drywall.

An Iceland parliamentarian's Twitter account subpoenaed by the U.S. government, yet the operation to spy on the Iceland government, for some godfrigging reason, is proposed to be the operation by Wikileaks?

Maybe because the bullying was too obvious. IIRC it even got out before the vote on the law.

I guess it would have been political suicide for the ruling party if they bent over in such plain view. I mean, would you vote for a party that is a puppet of a foreign regime? And you may rest assured that the opposition would have rubbed it in 'til the next election and beyond.

I'm trying to think of some government that is less likely than Iceland's to have interesting fodder for WikiLeaks.

Maybe I'm naive and Iceland is really a hotbed of corruption and intrigue, but somehow it seems unlikely that there's anything to leak, aside from political maneuvers and backbiting that would seem tame in almost any other country. The Icelandic financial institution scandal is pretty long in the tooth at this point. Bugging Iceland would probably be a sign of really poor judgment on the part of any aspiring scandal-monger.

Of course, every society probably has its quota of twits who are interested in eavesdropping on their colleagues. But with the new interest in Iceland evidenced by the US gummint, you do gotta wonder.

True, it can be done easily, but the expert didn't say it couldn't be done. The expert said it wouldn't be done. If you store the key in RAM and there's a power failure, your bug will never work again until someone physically goes in and rebuilds the system from scratch. Determining the difference between an actual detection incident and a harmless condition like a blackout is a nontrivial exercise. And if you have regular access to the area, there's probably no good reason to plant a bug there. You ge

Yup. It could just as easily have been left there by the former third assistant clerk to the Finance Minister, who got sacked when Iceland's banking system collapsed, and who was too polite to take his severance pay in used hardware.

When, exactly, has Wikileaks actively gathered evidence? Oh, never. Wikileaks just waits for others to do the gathering, they just do the publishing. Next, they will be blaming global warming on Wikileaks.

You'll recall that the guy who says he was chatting with Manning (of the quarter million stolen US State Department documents) said that Wikileaks actually made special arrangements for Manning. Worked actively with Manning to collect and stash all of that stuff. Whether, or to what degree, that's true is one of the things they (the DoD prosecutors) are still digging through.

I'm not sure if running a Tor server or gathering via p2p would be "active" in the same sense I would normally consider "active". This is still on the back side, taking what has already been taken. This is different than doing the initial taking. To do that, you have to be on the inside.

I get what you are saying, but to be clear, when I say "active", I am referring to the initial step of getting the info. Going from "secure" to "no longer secure". After that point, it is mainly courier duty.

if it was just an old sysadmin's personal download machine. Given that most computers do not have serial numbers but the ones procurement gives them, it could have been a system that was decommissioned and the sticker peeled off. I've got a couple of those myself although they're not hooked up to my companies' gigabit internet service.

Buying a computer from a small, local shop does not mean for a second that it is illegal or uses pirated software. I think that this is another cultural difference (like your comment about the FCC requirements when talking about computers from another country). In my country, the small, local computer shops are everywhere and account for a sizable proportion of computer sales (I don't know the exact breakdown). It is not uncommon to find computers branded with a company of which you have never heard. They s

It's probably not illegal for you to buy it, but I assure you it is illegal for them to sell it.

State and Federal laws require that these things be certified by the FCC for radio emissions, and by UL/CSA for electrical safety (OSHA). And, no, it's not sufficient that the components were individually certified.

This pertains to USA and probably Canada has similar regs. In Iceland? Who knows.

You can still hand-build computers and have a system that passes FCC Class A tests (even Class B). Barebone computers are all FCC certified and can be modified without issues. Same goes for UL certification, as long as your components are UL certified (which I believe is necessary for them to be sold in the US) you can build just about anything you want.

It also doesn't make them illegal if they're not being certified. It's only an FCC regulation that you'll overstep in the very rare case they do not meet sp

Since you gave a cite, but I knew that in the late 20th and early 21st century in the US, you were really out of step with my reality, I googled around at the regs. I just looked at the Labor department stuff.

You have the problem of never having eaten Chinese food, if you get the old programming reference.

I figure your employer is a little like this:

He builds pretty much standardized boxes and sells them wherever.

So I might have bought some little odd toy computer for my kid and later laptops and netbooks

Perhaps they are referring to some sort of fully homomorphic cryptosystem, although the publicly known systems are not exactly practical (it would just be foolish to deploy a classified system here, so I doubt this is the case; the point is that it is possible to encrypt software).

If it's actually related to Wikileaks, as opposed to a US-or-Euro-government spook job, it's more likely to be a Tor node. For that matter, even if it is a CIA plant, it could well be a Tor node, and similarly, if it's a fake scapegoat machine that the former bank minister is using to cover his tracks, a Tor node would be a good choice.

Stephen Christian, a computer expert at Oxymap ehf, told the Grapevine that... "Information written to disk can be recovered by experts even after being overwritten several times unless you let the computer run for a few hours constantly 'covering up' its information. Computer hackers know this."

Hahaha, probably because the challenge only offers a reward of $40 USD and they won't let you disassemble the drive, which is a requirement for any of the wiped-data-recovery papers/theories floating around.

Does unplugging the drive cables from the circuit board count as disassembly? Because you don't really need to have physical access to the inside of the drive, but merely access to the raw analog output of the drive heads on a given track (and, ideally, fractional tracks, which you should be able to fudge by rapidly stepping the drive heads one way and then the other).

The fact that you can't disassemble the drive is just plain stupid. You would need to read the platters with some higher tech gear than what's in the drive to see if there is any residual information left on it. I'm not sure if it's been done before but I see no reason it's not physically impossible, maybe just too expensive and there are cheaper ways to get intelligence info like bribing a corrupt individual and killing them if they ever seem like they may give up what you are doing.

The Great Zero Challenge rules specifically exclude disassembly of the drive; all the bit-recovery mechanisms discussed in the literature require you to disassemble the drive and use custom heads to scan the surface magnetism map.

I.e., the contest is totally missing the point on what data recovery pros (i.e., the NSA and so forth) said they'd do if they had to scan disks to recover overwritten data.

There are four problems with the Great Zero Challenge that I could identify at a glance:

1. No incentive. The prize is $40. Data recovery companies charge tens of thousands to recover a drive. (Depending on how hard it is.)
2. No disassembly. Any technique that "reads residual magnetism" is going to require custom read heads and access to the platters.
3. No longer running. The challenge ended in January 2009 and only ran for one year. That blog post is from September 2008.
4. Full disclosure. This is a show-stopper. Data recovery companies guard their secret methods very closely. Those secrets are their only competitive advantage. Telling everyone how they did it for $40? I don't think so.

In contrast, the James Randi Paranormal Challenge has a $1,000,000 prize, only has rules that disallow cheating, has been running since 1964 and is still running. The fact that no one has passed the preliminary stage of that challenge means something

Disassembly was specifically permitted to incorporated businesses, and intelligence agencies.

However, the rest of your argument is not any more weak because they suddenly started permitting disassembly. In fact, the entire point of "can't disassemble the drive" is practically moot compared to the other reasons.

Many people have accomplished what they've claimed, but then Randi came up with extra tests, until they failed.

Randi very clearly lays out the bounds of any tests beforehand, and what is considered proof.

If anyone had actually passed that test, they would, you know, sue him, because they were promised payment of a million dollars if they did that. There is an actual contract with actual winning conditions.

But since you've made that claim, you should be able to demonstrate that Randi has, at least once, laid out a test and winning conditions, and then backpedaled once someone actually won.

Or you are a liar and a slanderer who has accused someone of criminal fraud.

He's not interested in "statistics", but demands "undisputable show of magic", but without magic tricks.

Yeah, you moron, because that's what he's testing.

If he let people win by 'statistics', he'd have a constant stream of people claiming they could predict a coin toss 75% of the time....and eventually one of them would happen to do that. Because that's how statistics work.

While the statement itself is incorrect if taken as if it was accurate, traditionally when you delete a file on a partition table it does not delete the file, only deletes the first bit of the filename from the file allocation table.

This is what allowed old DOS utilities like undelete or Norton Undelete to function. Some days I do miss the old days since it seems no one develops quality tools anymore for Win XP +.

You're messing up terms. The "partition table" is in the master boot sector (and yes, there's an additional one at the start of an extended partition table, I know.) The partition table is irrelevant to the way in which files are stored.

What deleting files in DOS and on disks all the way up to FAT32 did was change the first byte of the filename to a known value, which represented a "deleted file". This filename was actually stored directly in the directory listing, not in the file allocation table. The
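The directory-entry behaviour described in the comment above, as an added example that is not part of the original thread: a parser for raw FAT short-name directory entries that flags deleted files by their first name byte (0xE5). The helper names and the sample directory are constructed for illustration.

```python
import struct

ENTRY_SIZE = 32            # every FAT directory entry is 32 bytes
DELETED_MARKER = 0xE5      # first name byte of an entry whose file was deleted
END_OF_DIRECTORY = 0x00    # first name byte of a never-used slot: nothing follows
ATTR_LONG_NAME = 0x0F      # VFAT long-filename slot, not a file of its own
# name(8) ext(3) attr(1) 8 skipped bytes, cluster-high, time, date, cluster-low, size
ENTRY_FORMAT = "<8s3sB8xHHHHI"


def make_entry(name, ext, size, first_cluster, attr=0x20):
    """Build one short-name directory entry (constructed sample data)."""
    return struct.pack(
        ENTRY_FORMAT,
        name.ljust(8).encode("ascii"),
        ext.ljust(3).encode("ascii"),
        attr,
        first_cluster >> 16,
        0, 0,                      # write time/date left at zero in the sample
        first_cluster & 0xFFFF,
        size,
    )


def mark_deleted(entry):
    """Overwrite only the first name byte, leaving the other 31 bytes intact."""
    return bytes([DELETED_MARKER]) + entry[1:]


def parse_directory(raw):
    """Return every short-name entry in a raw directory region, deleted or not."""
    entries = []
    for offset in range(0, len(raw) - ENTRY_SIZE + 1, ENTRY_SIZE):
        slot = raw[offset:offset + ENTRY_SIZE]
        if slot[0] == END_OF_DIRECTORY:
            break                  # slots past this point were never used
        name, ext, attr, hi, _time, _date, lo, size = struct.unpack(ENTRY_FORMAT, slot)
        if attr & 0x3F == ATTR_LONG_NAME:
            continue               # long-name fragment, skip
        deleted = slot[0] == DELETED_MARKER
        if deleted:
            # The original first character is gone; the rest of the name survives.
            stem = "?" + name[1:].decode("ascii", "replace").rstrip()
        else:
            stem = name.decode("ascii", "replace").rstrip()
        suffix = ext.decode("ascii", "replace").rstrip()
        entries.append({
            "name": f"{stem}.{suffix}" if suffix else stem,
            "deleted": deleted,
            "first_cluster": (hi << 16) | lo,
            "size": size,
        })
    return entries


# Constructed directory: one live file, one deleted file, the end marker,
# then stale bytes that a correct parser must not report.
SAMPLE_DIRECTORY = (
    make_entry("README", "TXT", 1200, 5)
    + mark_deleted(make_entry("SECRET", "DOC", 48128, 9))
    + bytes(ENTRY_SIZE)
    + make_entry("GHOST", "BIN", 1, 2)
)

if __name__ == "__main__":
    for item in parse_directory(SAMPLE_DIRECTORY):
        state = "DELETED" if item["deleted"] else "live"
        print(f'{item["name"]:<12} {state:<8} cluster={item["first_cluster"]} size={item["size"]}')
```
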

I've been annoyed at the crap level of tools for XP and onward for a long time. While FAT was crap, disk defragmenting tools for NTFS are still horrid and tedious.

That's because NTFS does not have the same fragmentation problems that FAT does, and in particular only has fragmentation problems in a very small set of circumstances that average users will not come across.

To say that quality tools don't matter is moronic. You as always do the nerd thing and focus on just what I said rather than what was implied in the general sense.

And you're doing the idiot thing of not actually reading what I actually wrote. I am not against quality tools, rather "undelete" was never a quality tool.

It's like you're calling for a return to sticks and rocks because you can't find a good stick and/or rock. We don't need that shit anymore.

If the NSA really wanted the data on that drive they may be able to do it.

The point is this is all a nonsense urban legend that actually started on an entirely different type of drive entirely, an MFM drive, with much fuzzier bits, and someone hypothesized that data recovery might theoretically be possible even after an overwrite, and you might want to do it with different patterns.

This hypothetical 'might' on much older drives has somehow become the actual literal truth, resulting in people running multiple wipe operations and even physically destroying drives, despite no one ever demonstrating recovery of a once-wiped file in the entire history of computers. Ever. At all. It has never once happened, no actual data recovery firm claims they can do it.

In fact, the hypothetical recovery concept is near nonsense anyway. Even if we imagine that hard drive bits are something like ________ wide, and sometimes they write __++++++ and sometimes ------__, resulting in ------++, you can't actually recover from that. You don't know when that ++ got there. For all you know, that was a piece left over from two years ago, and the bit before the wipe was 0. Hell, for all you know, the bit started as +++++++ when the drive was made, and the first low-level format and every single write afterward just wrote to the last 6/8th of the bit, so you don't even know it ever was actually a one at all.

It's the equivalent of asserting that you can look at a dartboard and claim you can find the score of the last game. Uh, no, you can't. You might can see, with a microscope, every single dart that ever hit the board...but that tells you fuck all about the previous score, or who won, or what order they were thrown in.

For data to be recovered from 'before the wipe', you have to imagine that somehow the wipe was fundamentally different than every other write operation that happened before. That all other write operations helpfully left no traces of the previous state behind, but the 0 wipe did.

Before you say 'Well, a lot of places are only written once', I have to point out that a) It's exactly the changing places, the data, that is important. You know, the new stuff that got put over that file you deleted the other day. Recovering a Windows system file that got written to the disk at install and hasn't been written to again is not very useful. And b) all places on a hard drive are written to start with, it's called a low-level format. Before that they hold random 'data', which means there's nice, utterly random 'data' sitting there in the parts of the drive that don't get written to. How you can tell that from parts of the drive that did get written to at some point but somehow not written to in the wipe is a very very very interesting question...

Oh, and it's even worse than that. Because of how hard drives encode data, if you guess on one bit, you'll blow up the entire rest of the byte. If you don't know the value of bit 2, you can't know 3-8 either.

The entire thing is preposterous. The shame is that the only people who've ever called the urban legend what it is were so poorly funded. Someone should set up a Randi Foundation open-donation thing for that...I might kick in $10.

And talking about what the NSA 'might' do is insane. There's all sorts of magical tech the NSA might have, but, as I said, even pretending that hard drives actually had incredibly crappy wandering-all-over-the-drive tracks, which they do not, this would not actually let you put together an actual stream of any particular point in time. All you know is that every bit on the drive was zero at one point (because it was wiped) and not zero at one point (Because it was random before low-level format.). Good job figuring that out.

Governments, large financial institutions, covert military operations, corrupt diplomats, racketeers...
Who among such entities does not have the necessary resources to set up such a smear?

Meanwhile, this "encrypted" system sure sounds like a load of bollocks. It's all, like, secret. Wow. Yet how convenient, considering that it was "hidden", that it showed up exactly where and when it did.

It's more like the Kennedy assassination - who wouldn't gain by smearing Wikileaks here? Even Wikileaks themselves* might have planted it as a diversion as opposed to surreptitiously leaving it behind. Or maybe it's a Murder on the Orient Express plot, where either a whole bunch of players conspired together to do it, or else some stranger walked in the door, planted it, and walked out unseen.

*Yes, I do reject any of the conspiracy suggestions that say Kennedy himself was behind it, except the one on Red

Let's see, there are two possibilities that come to mind since this was done in the proximity of the female Icelandic MP with connection to wikileaks:

The member of parliament who is a friend of wikileaks is in on this and wikileaks conducted the spying as is being ignorantly claimed

Agents on behalf of the US government conducted this in order to spy on the icelandic MP and others nearby because of her connection to wikileaks

Obviously we can throw out #1 because it does not at all fit with wikileaks modus operandi and cannot be carried out by their infrastructure. They're set up to anonymously accept documents and disseminate them, they're not spies. Moreover the icelandic MP in question would be risking much to do this only to access documents she probably already has access to.

a single server? and they went to the trouble of ensuring the removal of fingerprints, serial numbers and encryption?
I am not a huge fan of wikileaks but this really doesn't seem to fit in at all with how they operate. However it fits in perfectly with more nefarious and far less moral organisations such as the US government.

Let's see, there are two possibilities that come to mind since this was done in the proximity of the female Icelandic MP with connection to wikileaks:

The member of parliament who is a friend of wikileaks is in on this and wikileaks conducted the spying as is being ignorantly claimed

Agents on behalf of the US government conducted this in order to spy on the icelandic MP and others nearby because of her connection to wikileaks

Obviously we can throw out #1 because it does not at all fit with wikileaks modus operandi and cannot be carried out by their infrastructure. They're set up to anonymously accept documents and disseminate them, they're not spies. Moreover the icelandic MP in question would be risking much to do this only to access documents she probably already has access to.

So #2 becomes the most obvious culprit.

In this case, the most obvious culprit is the fallacy of your argument’s logic.

Or, of course, agents of any country that stands to gain from espionage conducted this in order to spy on someone in Iceland.

It is entirely possible to encrypt a hard drive so that once powered down the data is "lost". It's called TrueCrypt System Disk Encryption. Where the decrypter is a boot loader and the decrypted key gets stored in RAM. Power off, no more key. The key is needed again to unlock the drive after reboot. To take it to the next level one would put an encrypted file container inside the encrypted system that requires a USB key to unlock. It would take a very long time to decrypt both keys without some very very heavy computing power

That seems easy enough to subvert if you know it exists. Just watch for the unplugging of a keyboard, mouse, monitor, or network, throw up a screen demanding a password, and shut down if it's not given.

It's a neat trick, but if Full Disk Encryption products can't deal with this soon, they're pretty stupid.

This happened one year ago (see article) and what interesting data could one possibly hope to find within the walls of the Icelandic Parliament? And even if there was any, there are easier ways of looking for it than gaining entry to the offices and leaving a laptop there. It's even more silly to think Wikileaks were involved.

This reveals more about David Oddsson than Wikileaks. I bet Mr. Oddsson has some friends who were very deservedly burned by the Icelandic banking scandal that Wikileaks broke the story on. And, of course, that means Wikileaks must be at fault for anything else wrong involving spying or information leakage. It can't possibly be because Mr. Oddsson's friends are nasty people who deserve long jail sentences, no...

It's like a domestic abuse case where the abused refuses to implicate the abuser in anything th

So a strange computer was found in a government office...... which may have been used by someone affiliated with an org that discloses government secrets...... as insinuated by a newspaper edited by the former head of said government...... as reported by someone who may also have had access to this office previously, as a government official.

Is this representative of the kind of media bias Iceland has to deal with? Don't get me wrong, it's not like any country has it better, but is it always so blatantly obvious?

Call the MAFIAA, they've been searching for that for ages! If that's true, the money worries of Iceland are at an end, they'll happily pay big bucks for such a technology!

Snideness aside, I guess I needn't mention that no computer on this planet is able to run "encrypted software". The OS has to be able to load the executable, hence it has to conform to standard. CPUs are only able to run instructions that match their instruction set, so that has to conform to that standard. It may be runtime encrypted, but

Well, unlike children, politicians are not generally liked by the majority of the population. Quite the opposite, especially recently. "Think of the politicians" could easily be misunderstood as a prompt for... well, for reference see Tunisia.

Other than the hard drive, none of those serial numbers are tracked by computer vendors. Serials are tracked by manufacturers only for parts likely to fail, and only for parts which the vendor has a RMA agreement with the supplier.

Even MAC addresses are usually not on record for any longer than it takes to print the required label.

If that information isn't on the order and shipping documents, chances are very good that the manufacturer has no clue what MAC is in what Computer, and the best you get is that it was in a particular batch of 300 computers which were sold to the Reykjavik Radio Shack.